LSARC, Unfortunately, I lost my phone service early on during yesterday's open meeting. I was only able to dial in during the last few minutes of the open discussion. I had hoped to discuss the permissions issue during the meeting.
So how do others see the password permissions issue? Thanks, John On Tue, 2008-11-11 at 09:50, John Fischer wrote: > Shura, > > This partially answers my question. The real problem is that > eclipse creates the password file with 644 permissions and the > directories with 755 permissions. In my opinion this is too > permissive. It should create the file with 600 or 400 and > the directories with 700. Let's discuss this with the rest > of the committee in 10 minutes. > > Thanks, > > John > > On Tue, 2008-11-11 at 09:20, Alexandre (Shura) Iline wrote: > > John, thanks for the explanation. > > > > All dirs Eclipse creates in and including ~/.eclipse has 755 permissions. > > Password file is 644. > > > > If I change the permissions to 700 and 600, it is still able to work. > > > > Does it answer your question? > > > > Shura. > > > > On Tuesday 11 November 2008 20:00:37 John Fischer wrote: > > > Shura, > > > > > > Typically these types of directories have permissions of > > > drwx------. Sometimes these directories will have permissions > > > of drwxr-xr-x. Here are a couple of examples from my home > > > directory: > > > > > > drwxr-xr-x 2 johnf staff 512 Mar 16 2005 .desktop/ > > > drwxr-xr-x 2 johnf staff 512 May 22 2003 .dist/ > > > drwxr-xr-x 15 johnf staff 512 Oct 8 09:20 .dt/ > > > > > > Now if there is sensitive data stored within the directories > > > that have the group and other permissions with the read bit > > > set we need to insure that the password file still has some > > > level of protection. Typically these files are only owner > > > readable (-rw------- (0600) or -r-------- (0400)). There are > > > several programs on Solaris that when they notice that the > > > permissions are not 0600 or 0400 will exit or not use the > > > file. Does eclipse provide this level of protection for > > > the password file it stores in the home directory? > > > > > > Thanks, > > > > > > John > > > > > > On Tue, 2008-11-11 at 00:31, Alexandre (Shura) Iline wrote: > > > > On Monday 10 November 2008 19:13:31 John Fischer wrote: > > > > > Shura, > > > > > > > > > > What are the permissions of the directories and > > > > > file secure_storage? Assuming that the directories > > > > > and file permissions are supposed to be readable and > > > > > writable by the owner only what happens if the > > > > > permissions are otherwise? > > > > > > > > I did not check this scenario. This is an unlikely one, though. > > > > > > > > Normally, ~/.* directories and files are configuration files for some > > > > systems or programs, such as .bashrc, for instance. > > > > > > > > Is there a case when such files are not writeable? > > > > > > > > Shura. > > > > > > > > > Thanks, > > > > > > > > > > John > > > > > > > > > > On Mon, 2008-11-10 at 05:56, Alexandre (Shura) Iline wrote: > > > > > > Hi. > > > > > > > > > > > > Eclipse simply stores encrypted passwords into a file. > > > > > > > > > > > > The file is > > > > > > ~/.eclipse/org.eclipse.equinox.security/secure_storage file. > > > > > > > > > > > > No security issue here as far as I can see. > > > > > > > > > > > > Shura. > > > > >
